<?php
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//
// DLMan by Shedd Technologies International		  				//
// http://www.dlman.com | info@dlman.com							//
// Copyright 2003 by STI, All rights reserved.						//
// ---------------------------------------------------------------- //
// Usage of this software is governed by the terms of GPL. 	    	//
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//

require_once("../global.php");
require_once("../uis.php");
require_once("../config.php");
require_once("../functions.php");

//DISPLAY LOGIN SCREEN
// Default entry point, taken when no $action is supplied: a caller whose session
// already holds credentials that verify() accepts is forwarded to member.php;
// everyone else is shown the member login form.
// NOTE(review): $action, $sspath and the $HTTP_*_VARS arrays are not defined in this
// file; presumably they come from the required files or register_globals — confirm.
if(!isset($action)){
	//CHECK FOR EXISTING SESSION
	session_save_path($sspath);
	// '@' silences any warning raised while the session is started.
	@session_start(session_id());//SID changed to session_id()
	// Accept either credential pair kept in the session (ouser/opass or Suser/Spass);
	// '@' hides the notices for whichever keys are missing.
	if(@verify($HTTP_SESSION_VARS["ouser"],$HTTP_SESSION_VARS["opass"])||@verify($HTTP_SESSION_VARS["Suser"],$HTTP_SESSION_VARS["Spass"])){
		// Copy the pair that is present into $Muser/$Mpass; ouser/opass wins when both exist.
		if(isset($HTTP_SESSION_VARS["ouser"])){
			$Muser=$HTTP_SESSION_VARS["ouser"];
			$Mpass=$HTTP_SESSION_VARS["opass"];
		}
		elseif(isset($HTTP_SESSION_VARS["Suser"])){
			$Muser=$HTTP_SESSION_VARS["Suser"];
			$Mpass=$HTTP_SESSION_VARS["Spass"];
		}
		
		// NOTE(review): at file scope a 'global' statement has no effect; it only matters
		// if this script is included from inside a function — confirm.
		global $Muser,$Mpass;
		
		// Register both variables with the session, then also write them into whichever
		// session array is available.
		// NOTE(review): this keeps a password-derived value in session storage. Whether
		// it is a hash or clear text depends on what populated opass/Spass, which is not
		// visible here; keeping only an authenticated user id would expose less.
		session_register("Muser");
		session_register("Mpass");
		if(is_array($HTTP_SESSION_VARS)){
			$HTTP_SESSION_VARS["Muser"]=$Muser;
			$HTTP_SESSION_VARS["Mpass"]=$Mpass;
		}
		elseif(is_array($_SESSION)){
			$_SESSION["Muser"]=$Muser;
			$_SESSION["Mpass"]=$Mpass;
		}
		
		// NOTE(review): repeats the assignment made above with the same values, possibly
		// to refresh the globals after session_register() — confirm before removing.
		if(isset($HTTP_SESSION_VARS["ouser"])){
			$Muser=$HTTP_SESSION_VARS["ouser"];
			$Mpass=$HTTP_SESSION_VARS["opass"];
		}
		elseif(isset($HTTP_SESSION_VARS["Suser"])){
			$Muser=$HTTP_SESSION_VARS["Suser"];
			$Mpass=$HTTP_SESSION_VARS["Spass"];
		}
		
		// Client-side redirect to the member page. The SID constant is appended to the
		// URL, so whenever PHP propagates the session id through the URL it also ends up
		// in the address bar, browser history and Referer headers.
		$redir="<script language=\"javascript\">window.location=\"member.php?".SID."\";</script>\n";
		// Emit the redirect script and stop; nothing below runs for a verified session.
		die("$redir");
	}//end verify
	else{
		// No verified session: render header, login template, copyright line and footer.
		print sheader();
		$data = parse(template("memberlogin"));
		$data = addslashes($data);
		// NOTE(review): the template is evaluated as a double-quoted PHP string.
		// addslashes() escapes quotes and backslashes but leaves '$' untouched, so the
		// text is still subject to variable interpolation, and parse() substitutes
		// $PHP_SELF into it. The template and everything substituted into it must be
		// trusted; printing $data directly would remove the eval, provided the stored
		// templates do not rely on interpolation — confirm.
		eval("echo stripslashes(\"$data\");");
		print $config->copypow;
		print footer();
	}
}//end action not set
///////////////////////////////////////////////////////////////////////
//LOST PASSWORD RECOVERY
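elseif($action=="lost_password"){
	// Lost-password flow. Without $sact the request form is rendered; with
	// $sact=="recover" the account matching the supplied username and e-mail
	// address gets a freshly generated password, which is then mailed to it.
	if(!isset($sact)){
		print sheader();
		$data = parse(template("lostpassword_main"));
		$data = addslashes($data);
		// NOTE(review): addslashes() leaves '$' untouched, so the template is still
		// subject to PHP variable interpolation when evaluated. Left as is because the
		// stored templates may rely on that; template content must stay trusted.
		eval("echo stripslashes(\"$data\");");
		print $config->copypow;
		print footer();
	}//end no subaction
	elseif($sact=="recover"){
		// $user (username) and $email (e-mail address) are not assigned in this file;
		// presumably they arrive from the request — they are treated as untrusted here.
		$rawUser=isset($user) ? (string)$user : "";
		$rawEmail=isset($email) ? (string)$email : "";
		if(get_magic_quotes_gpc()){
			// Undo PHP's automatic slashing so the values are escaped exactly once below.
			// NOTE(review): assumes global.php has not already stripped them — confirm.
			$rawUser=stripslashes($rawUser);
			$rawEmail=stripslashes($rawEmail);
		}
		// Escaped copies are the only form of the request values placed into SQL text.
		$userSql=mysql_real_escape_string($rawUser);
		$emailSql=mysql_real_escape_string($rawEmail);

		// These are otherwise assigned only inside fetch loops; give them a defined
		// starting value so they can never carry a value from outside this branch.
		$from="";
		$cc="";
		$body="";
		$to="";
		// Line breaks are removed from every value that is placed into a mail header.
		$headerBreaks=array("\r","\n");

		$sql="SELECT * FROM ".$config->dt['user']." WHERE ".$config->field['username']."='".$userSql."' AND ".$config->field['email']."='".$emailSql."'";
		$result=mysql_query($sql);
		if($result){
			if(mysql_num_rows($result)==1){
				// NOTE(review): the password is replaced as soon as username and e-mail
				// match, without a confirmation step, and the new one is mailed in clear
				// text. A one-time reset link would avoid both.
				$pass567890=make_password(8);
				// Stored as an MD5 digest when configured so, otherwise unchanged.
				// NOTE(review): unsalted MD5 and clear text are weak storage formats.
				$stored=($config->password=="md5") ? md5($pass567890) : $pass567890;
				$sql="UPDATE ".$config->dt['user']." SET ".$config->field['password']."='".mysql_real_escape_string($stored)."' WHERE ".$config->field['username']."='".$userSql."';";
				$result=mysql_query($sql);
				if($result){
					// Sender and Cc: the sales department address from the settings table.
					$sql="SELECT sales_address FROM ".$config->dt['settings']."";
					$result=mysql_query($sql);
					while($value=mysql_fetch_array($result)){
						$from=$value['sales_address'];
						$cc=$value['sales_address'];
					}

					// Recipient: the address stored for the account, not the submitted one.
					$sql="SELECT ".$config->field['email']." FROM ".$config->dt['user']." WHERE ".$config->field['username']."='".$userSql."';";
					$result=mysql_query($sql);
					$value=mysql_fetch_array($result);
					if($value){
						$to=$value[$config->field['email']];
					}

					// Mail body template from the settings table.
					$sql="SELECT mail_lostpass FROM ".$config->dt['settings']."";
					$result=mysql_query($sql);
					while($value=mysql_fetch_array($result)){
						$body=$value['mail_lostpass'];
					}

					$from=str_replace($headerBreaks,"",$from);
					$cc=str_replace($headerBreaks,"",$cc);
					$to=str_replace($headerBreaks,"",$to);

					$subject="New Password";
					$message=lpassparse($body,$pass567890);
					$headers="From: $from\r\n";
					$headers.="Cc: $cc\r\n";
					// Report success only when mail() accepted the message; previously the
					// success line was printed even after the failure notice.
					if(mail($to,$subject,$message,$headers)){
						print "Your new password was emailed to ".htmlspecialchars($to,ENT_QUOTES);
					}
					else{
						print "<P><b>Unable To Send Password to User!</b></P>";
					}
				}//end success
				else{
					$sql="SELECT sales_address FROM ".$config->dt['settings']."";
					$result=mysql_query($sql);
					while($value=mysql_fetch_array($result)){
						$from=$value['sales_address'];
					}
					// The address lands in an HTML attribute and in text, so it is escaped.
					$contact=htmlspecialchars($from,ENT_QUOTES);
					print "There was an error in updating your password.  Please contact <a href='mailto:$contact'>$contact</a> for assistance.";
				}//end error handle
			}
			else{
				//invalid
				print "The system was unable to reset your password due to a problem with the information you provided.  Please go back &amp; correct the information.";
			}//end invalid
			print sheader();
			// This fixed snippet used to go through eval(); it is printed directly, with
			// the script path escaped for the single-quoted href attribute.
			print "<p align='center'><b>Please <a href='".htmlspecialchars($PHP_SELF,ENT_QUOTES)."'>click</a> to continue.</b></p>";
			print $config->copypow;
			print footer();
		}
		else{
			// Keep the database error text out of the response; it goes to the error log.
			error_log("lost_password: account lookup failed: ".mysql_error());
			print "Unable to obtain password information.";
		}
	}
}//end lost password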
///////////////////////////////////////////////////////////////////////
//VERIFY & FORWARD USER
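elseif($action=="load"){
	// Login submission: when authenticate() accepts the request, the posted user name
	// and the MD5 digest of the posted password are stored in the session and the
	// caller is redirected to member.php; otherwise back to this script.
	if(authenticate($HTTP_COOKIE_VARS,$HTTP_POST_VARS)){
		session_save_path($sspath);
		session_start();
		// NOTE(review): the session id is kept unchanged across the login. Rotating it
		// here (session_regenerate_id()) would close a session-fixation window, but
		// verify how the SID used in the redirect below behaves afterwards on the
		// targeted PHP version before adding it.

		// NOTE(review): at file scope a 'global' statement has no effect; it only matters
		// if this script is included from inside a function — confirm.
		global $Muser,$Mpass;

		// NOTE(review): a password digest is kept in session storage; an authenticated
		// user id alone would expose less.
		$Muser=$HTTP_POST_VARS['user'];
		$Mpass=md5($HTTP_POST_VARS['pass']);

		session_register("Muser");
		session_register("Mpass");
		if(is_array($HTTP_SESSION_VARS)){
			$HTTP_SESSION_VARS["Muser"]=$Muser;
			$HTTP_SESSION_VARS["Mpass"]=$Mpass;
		}
		elseif(is_array($_SESSION)){
			// Store the credentials that were just authenticated. This path used to copy
			// $Suser/$Spass, which this branch never assigns, so the session contents did
			// not depend on the login that had just succeeded.
			$_SESSION["Muser"]=$Muser;
			$_SESSION["Mpass"]=$Mpass;
		}
		// Re-assigned after registration, as in the original statement order.
		$Muser=$HTTP_POST_VARS['user'];
		$Mpass=md5($HTTP_POST_VARS['pass']);

		redirect("member.php?".SID);
	}
	else{
		// Failed login: back to this script, with spaces in its path percent-encoded.
		redirect(str_replace(" ","%20",$PHP_SELF));
	}
}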
///////////////////////////////////////////////////////////////////////
//LOG USER OUT
elseif($action=="logout"){
	// Logout: open the caller's session, empty it, destroy it, then send the
	// caller back to this script.
	session_save_path($sspath);
	session_start();
	session_unset();   // drop every variable held in the session
	session_destroy(); // discard the session data itself
	// Spaces in the script path are percent-encoded for the redirect target.
	$loginUrl=str_replace(" ","%20",$PHP_SELF);
	redirect($loginUrl);
}
///////////////////////////////////////////////////////////////////////

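/**
 * Fill in the placeholders of a template with site values.
 *
 * Replaces, in this order: {furl} (forum URL), {rurl} (forum URL followed by the
 * registration page), {title}, {site} (forum title) and {PHP_SELF} (current script
 * path). Configuration values are inserted unchanged; the script path is encoded
 * before insertion because it is derived from the request URL.
 *
 * @param string $code Template text containing the placeholders.
 * @return string Template text with every placeholder replaced.
 */
function parse($code){
	global $PHP_SELF,$config;
	// The script path is placed into HTML, and the callers in this file evaluate the
	// finished template as a double-quoted PHP string. HTML-escape it, then encode '$'
	// as a character reference so it cannot start a variable interpolation there.
	// htmlspecialchars() runs first so the '&' of '&#36;' is not escaped again.
	$self=str_replace('$','&#36;',htmlspecialchars($PHP_SELF,ENT_QUOTES));
	// str_replace() applies array pairs one after another, left to right, which
	// matches the order of the individual calls this replaces.
	$search=array("{furl}","{rurl}","{title}","{site}","{PHP_SELF}");
	$replace=array(
		$config->cs['forum_url'],
		$config->cs['forum_url'].$config->page['registration'],
		$config->cs['title'],
		$config->cs['forum_title'],
		$self
	);
	return str_replace($search,$replace,$code);
}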

/**
 * Expand the placeholders of the lost-password e-mail body.
 *
 * Tokens are replaced one after another in this order: %PASSWORD%, %SALESEMAIL%,
 * %URL%, %NAME% and %NL% (which becomes a line feed).
 *
 * @param string $code     Mail body template.
 * @param string $password Password to insert for %PASSWORD%.
 * @return string Mail body with every token replaced.
 */
function lpassparse($code,$password){
	global $PHP_SELF,$config;
	// Token => replacement; the foreach below walks the pairs in the order listed.
	$tokens=array(
		"%PASSWORD%"   => $password,                   // new password
		"%SALESEMAIL%" => $config->cs['sales_address'], // sales department address
		"%URL%"        => $config->cs['forum_url'],     // member area URL
		"%NAME%"       => $config->cs['forum_title'],   // merchant name
		"%NL%"         => "\n"                          // new line code
	);
	foreach($tokens as $token=>$value){
		$code=str_replace($token,$value,$code);
	}
	return $code;
}
?>
